3.5

CVE-2012-1987

Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use "a marshaled form of a Puppet::FileBucket::File object" to write to arbitrary file locations.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PuppetPuppet Version >= 2.6.0 < 2.6.15
PuppetPuppet Version >= 2.7.0 < 2.7.13
PuppetPuppet Enterprise Version >= 1.0 < 2.5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.55% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://hermes.opensuse.org/messages/15087408
Broken Link
http://secunia.com/advisories/48743
Vendor Advisory
Broken Link
http://secunia.com/advisories/48748
Vendor Advisory
Broken Link
http://secunia.com/advisories/48789
Vendor Advisory
Broken Link
http://ubuntu.com/usn/usn-1419-1
Third Party Advisory
http://www.debian.org/security/2012/dsa-2451
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/52975
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html
Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html
Broken Link
http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15
Broken Link
http://secunia.com/advisories/49136
Vendor Advisory
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/74794
Third Party Advisory
https://hermes.opensuse.org/messages/14523305
Broken Link
http://projects.puppetlabs.com/issues/13552
Vendor Advisory
Broken Link
http://projects.puppetlabs.com/issues/13553
Vendor Advisory
Broken Link
http://puppetlabs.com/security/cve/cve-2012-1987/
Vendor Advisory
Broken Link
http://puppetlabs.com/security/cve/cve-2012-1987/hotfixes/
Vendor Advisory
Broken Link
http://www.osvdb.org/81308
Broken Link